Irony (Part Two)

As information continues to emerge on the use of forged documents to affect prison escapes in Florida, it now appears that a well-designed e-signature implementation would have made the scheme considerably more improbable.

The method, it seems, involved filing high-quality forgeries of paper motions and orders. Judicial signatures were forged on the paper documents.

In the movie Beau Geste, as the native attackers retreat from Fort Zindernuf, the psychotic and sadistic sergeant, says, “They come when I need them, and they leave when I don’t need them any more.” The same could be said of the forged orders: They left no tracks either coming or going. Because they were neither created by nor processed through any workflow that tracked them, they were there when the prison release officials checked with the court. Once the inmates left, they didn’t need the documents any more.

For a wet signature — even one augmented by a raised seal — to have provided adequate protection would require AT LEAST that those receiving and examining the documents have

A template against which to compare what they are receiving;

The time to carefully perform a forensic-level examination of the current offerings; and

The expertise to do so.

While in time past these functions may have been relatively easy, today’s technology renders them non-trivial. See, for example, this article regarding 3-D scanning and replication of classic paintings, reproduced in microscopic detail down to the brush strokes. A raised seal is much easier to reproduce than a Rembrant.

Whether a team of experts could detect the forgery is really not relevant to our current discussion. Alas, the days of having documents be self-authenticating on their face are probably past. While doing so may not be cheap or easy, it is getting cheaper and easier every day. As the judge who provided me with his thoughts (set forth in A Judge’s Secret Fear of Electronic Signature) so aptly pointed out, there may be times when it’s worth someone’s while to go to the time and expense necessary to subvert the system, as the U.S. Mint knows all too well.

Had the court required such orders to be e-signed, there would have been no way for them to be filed at all. For the fraud to have work, the perpetrators would have needed:

Access to the judge’s PC, and

The judge’s password, and …

Knowledge of how to operate the system, and

The ability to control the workflow to subvert the system (because the system tracks which documents are signed and notifies the parties involved), and

The ability to make sure court officials do not find out about it (because the system regularly provides a report of what has been signed, when and by whom).

Clearly, something as important as prisoner release orders would justify special workflow and alert reporting as well. It simply could not happen absent multiple people inside the court willing to go to prison themselves (because they would be leaving tracks all over the place), including not only people with court processing and procedural expertise, but also people with understanding of the system infrastructure and authorization to access it.